Ransomware RanHassan: a new defense tool from Bitdefender

Bitdefender released in early November a decryptor universale to help victims recover data encrypted by attacks RanHassan ransomware.

What is RanHassan Ransomware

RanHassan Ransomware has appeared on the internet scene recently and has been identified by Bitdefender, the world leader in computer security, at early summer 2022.

RanHassan seems to mostly target users who are in India e in Middle East. The signs of infection are unmistakable, presenting you with a message that others aren’t that a ransom note:

“CAUTION…CAUTION…CAUTION…CAUTION…CAUTION….hta.”

Bitdefender has created a universal decryptor

Il decryptor universale di Bitdefender was released on November 7, is free, and should cover all known variants of RanHassan ransomware, which should amount to about six, including minor ones.

To decrypt the ransomed you need to follow a series of steps:

• scaricare il decryptor tool at the following link and save it on the infected device;
• start the program and accept the license for use;
• select a folder to scan for encrypted files or allow the tool to find files on your system. To identify the correct keys you must have at least one file in both the encrypted and unencrypted versions.
• start the decryption process and let the tool do its job until all files are cleaned up.

The tool can also be run in mode Silent through a command line (cmdline) if, for example, it becomes necessary to deploy it in a very large network. Specifically, the features available are:

• – help
• start
• – scan-path (specify the path containing the encrypted files)
• – full-scan (it will ignore the scan-path function)
• – disable-backup (will disable backup file option)
• – replace-existing
• – test-path.

For more information on the use of the Bitdefender universal decryptor, please refer to the following Blog Post.

Last, but not least, i K7Security Labs have published a technical analysis of RanHassan (DCDcrypt), which you can find here.